allow download xml for non-public books (tmp?)
authorJan Szejko <janek37@gmail.com>
Tue, 23 May 2017 13:50:11 +0000 (15:50 +0200)
committerJan Szejko <janek37@gmail.com>
Tue, 23 May 2017 13:50:11 +0000 (15:50 +0200)
apps/catalogue/views.py

index e71b349..c6ae419 100644 (file)
@@ -205,9 +205,7 @@ def upload(request):
 
 
 def serve_xml(request, book, slug):
 
 
 def serve_xml(request, book, slug):
-    if not book.accessible(request):
-        return HttpResponseForbidden("Not authorized.")
-    xml = book.materialize()
+    xml = book.materialize(publishable=True)
     response = http.HttpResponse(xml, content_type='application/xml')
     response['Content-Disposition'] = 'attachment; filename=%s.xml' % slug
     return response
     response = http.HttpResponse(xml, content_type='application/xml')
     response['Content-Disposition'] = 'attachment; filename=%s.xml' % slug
     return response
@@ -216,11 +214,14 @@ def serve_xml(request, book, slug):
 @never_cache
 def book_xml(request, slug):
     book = get_object_or_404(Book, slug=slug)
 @never_cache
 def book_xml(request, slug):
     book = get_object_or_404(Book, slug=slug)
+    if not book.accessible(request):
+        return HttpResponseForbidden("Not authorized.")
     return serve_xml(request, book, slug)
 
 
 @never_cache
 def book_xml_dc(request, slug):
     return serve_xml(request, book, slug)
 
 
 @never_cache
 def book_xml_dc(request, slug):
+    # no permission check, because non-public books
     book = get_object_or_404(Book, dc_slug=slug)
     return serve_xml(request, book, slug)
 
     book = get_object_or_404(Book, dc_slug=slug)
     return serve_xml(request, book, slug)